baoyu-translate

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted data from external URLs and files, which is then used as context in translation and analysis prompts.
      • Ingestion points: Source content is materialized from user-provided files, inline text, or URLs (defined in references/workflow-mechanics.md and processed by scripts/chunk.ts).
      • Boundary markers: Absent. The references/subagent-prompt-template.md does not specify the use of delimiters (e.g., XML tags or specific markers) to isolate untrusted source content from the agent's instructions.
      • Capability inventory: The skill executes local TypeScript code via bun or npx (defined in SKILL.md), performs file system read/write operations (defined in scripts/chunk.ts), and performs network read operations for URL-based materialization.
      • Sanitization: No evidence of sanitization, escaping, or structural validation of the external content before it is interpolated into the prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:52 AM